Review: Typhon

By

NGS Software Typhon is more of a traditional network vulnerability assessment tool with some application intelligence built in. The utility was able to locate FTP-based vulnerabilities on our test system, but had difficulties with web assessment.

For: Clean interface which is easy to navigate and requires no additional knowledge to use.
Against: More of a network vulnerability assessment application than an application vulnerability assessment application.
Verdict: A large number of web false positives and only one type of report availabe make this a better network vulnerability assessment utility.


The utility did not display the name of URLs found during the crawl or group the vulnerabilities by category. Typhon was fooled with the custom error pages into believing pages existed that did not.

This yielded a list of non-existent pages and directories without much detail as to actual vulnerabilities. The number of false positives reported by the utility was well over 100.

This utility would perform well as a traditional network vulnerability assessment tool, but lacks the features necessary to perform a web-based application vulnerability assessment.

A unique feature to this utility is the ability to check for other ports open (which also created additional false positive responses), as well as an included war dialer. The utility offers one level of report that is easy to read and understand for the technician.

The installation of Typhon was very simple and required only clicking "next" a few times to install the utility. Once Typhon was installed, the utility was logically laid out and included an almost unnecessary wizard to configure the scan. Typhon also uninstalled cleanly and easily leaving the systems in their original states.

Documentation for the utility comes primarily through the included help files with the utility. The files are complete and can assist an administrator with configuration troubles. The utility is simple enough to use that help files and documentation should not be necessary for most administrators.

The primary method of support is through email, with messages said to be responded to the next business day.

The pricing for Typhon was in the middle of the range of products tested at US$10,445 (unlimited IP), which included the email support. The price is a bit high for the included features, and it performs more as a network vulnerability assessment application. It is priced more for that category.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
applicationassessmentsecurityvulnerability

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?